<?php

/* 
	FalconKMS Login Manager
	Version: 1.0-BETA
	Author: Geoff Wilson (g.a.wilson at ncl.ac.uk)
	
*/

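/**
 * Count the losses recorded for a player.
 *
 * Runs a COUNT over the `kb_kill` rows whose `playerID` matches and returns
 * the first column of the first result row.
 *
 * @param mixed $playerID Player identifier; escaped before it is placed in the
 *                        quoted SQL literal.
 * @return mixed The count as returned by mysql_result(), or 0 when the query fails.
 */
function getPlayerLossCount($playerID)
{
	// The value ends up inside a quoted SQL literal and the legacy mysql_*
	// extension has no bound parameters, so escape it explicitly.
	// NOTE(review): ext/mysql was removed in PHP 7; moving to mysqli or PDO
	// prepared statements is the durable fix.
	$safePlayerID = mysql_real_escape_string((string) $playerID);
	$sql = "SELECT COUNT(`killID`) AS numberLosses FROM `kb_kill` WHERE `playerID` = '$safePlayerID'";

	$result = mysql_query($sql);
	if ($result === false)
	{
		// mysql_query() returns false on error; do not hand that to mysql_result().
		return 0;
	}

	return mysql_result($result, 0);
}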

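/**
 * Count the kills a player was involved in.
 *
 * Runs a COUNT over the `kb_involved` rows whose `playerID` matches and
 * returns the first column of the first result row.
 *
 * @param mixed $playerID Player identifier; escaped before it is placed in the
 *                        quoted SQL literal.
 * @return mixed The count as returned by mysql_result(), or 0 when the query fails.
 */
function getPlayerKillCount($playerID)
{
	// The value ends up inside a quoted SQL literal and the legacy mysql_*
	// extension has no bound parameters, so escape it explicitly.
	$safePlayerID = mysql_real_escape_string((string) $playerID);

	// The column alias is never read by name (mysql_result() takes row 0,
	// first field); it is named for what this query actually counts.
	$sql = "SELECT COUNT(`involvedID`) AS numberKills FROM `kb_involved` WHERE `playerID` = '$safePlayerID'";

	$result = mysql_query($sql);
	if ($result === false)
	{
		// mysql_query() returns false on error; do not hand that to mysql_result().
		return 0;
	}

	return mysql_result($result, 0);
}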

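// Login handling and the login/status row of the page. Runs only when the
// killboard configuration enables logins.
if ($killboardSettings['allowLogins'] == 1)
{

	$loginMessage = "";
	
	session_start();
	
	if (isset($_POST['login']))
	{
		// Read the submitted credentials. A missing field or an array-valued
		// parameter (username[]=...) is treated as empty instead of being
		// passed on to sha1() and the SQL string.
		$playerName = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
		$playerPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

		$authenticated = false;
		$userDetails = null;

		if (($playerName !== '') && ($playerPassword !== ''))
		{
			// NOTE(review): unsalted SHA-1 is kept only because the stored
			// values in `kb_player`.`password` are compared in that format.
			// Moving to password_hash()/password_verify() needs a migration
			// of the stored hashes, which this file cannot do on its own.
			$passwordHash = sha1($playerPassword);

			// The user name is attacker-controlled and goes into a quoted SQL
			// literal; escape it, since ext/mysql has no bound parameters.
			$safePlayerName = mysql_real_escape_string($playerName);
			$sql = "SELECT * FROM `kb_player` WHERE `playerName` = '$safePlayerName'";
			$queryResult = mysql_query($sql);

			// A failed query (false) is handled like an unknown account.
			if (($queryResult !== false) && (mysql_num_rows($queryResult) != 0))
			{
				$userDetails = mysql_fetch_array($queryResult);

				// Strict comparison: with ==, two hashes that look numeric
				// (e.g. "0e..." followed by digits) compare equal as numbers.
				if ((string) $userDetails['password'] === $passwordHash)
				{
					$authenticated = true;
				}
			}
		}

		if ($authenticated)
		{
			// Issue a fresh session ID on the privilege change so an ID that
			// was known before login cannot be reused afterwards.
			session_regenerate_id(true);

			// Setup Login Session
			$_SESSION['activePlayer'] = $playerName;
			$_SESSION['activeID'] = $userDetails['playerID'];
			$_SESSION['loggedIn'] = 1;

			// Temporary Placeholder Values Only
			$_SESSION['canPost'] = $userDetails['canPost'];
			$_SESSION['canAdmin'] = $userDetails['canAdmin'];
		}
		else
		{
			// One message for every failure, so the response does not reveal
			// whether the account name exists.
			$loginMessage = ("Login Credentials Incorrect");
		}
	}
	
	if (isset($_SESSION['loggedIn']))
	{
		$playerLosses = getPlayerLossCount($_SESSION['activeID']);		
		$playerKills = getPlayerKillCount($_SESSION['activeID']);

		// NOTE(review): activeID is used to build a filesystem path and an
		// image URL; presumably it is a numeric key from `kb_player` — confirm.
		$playerImage = $_SESSION['activeID'];
		
		if (!(file_exists("../people/". $playerImage . ".png")))
		{
			$playerImage = "noImage";
		}	
		
		if ($_SESSION['canPost'] == 1)
		{
			$postImage = "../images/canPost.png";
		}
		else
		{	
			$postImage = "../images/cantPost.png";
		}

		// Every value below is HTML-escaped at the point of output. The
		// player name in particular originates from the login form.
		// Assumes the page is served as UTF-8 — TODO confirm.
		
	?>
	<tr>
		<td>
		<table>
		<tr>
			<td rowspan="2"><img class="shipImage" src="../people/<?php echo(htmlspecialchars($playerImage, ENT_QUOTES, 'UTF-8'));?>.png" /></td>
			<td rowspan="2"><img class="shipImage" src="<?php echo(htmlspecialchars($postImage, ENT_QUOTES, 'UTF-8'));?>" alt="posting" /></td>
			<td>Logged in as: <b><?php echo(htmlspecialchars($_SESSION['activePlayer'], ENT_QUOTES, 'UTF-8'));?></b> - <a href="logout.php">log out</a></td>
		</tr>
		<tr>
			<td><b>kills:</b> <?php echo((int) $playerKills);?> <b>losses:</b> <?php echo((int) $playerLosses);?> <b>destroyed:</b> <span style="color:#00FF00">0 ISK</span> <b>lost:</b> <span style="color:#FF0000">0 ISK</span></td>
		</tr>
		</table>
		</td>
	</tr>
		
	<?php
	}
	else
	{
	?>
	<tr>
	<td>
	<table>
	<form id="form1" name="loginform" method="post" action="index.php">
	<tr>
		<td>Name:</td>
		<td><input class="text-box" type="text" name="username" /></td>
		<td>Password:</td>
		<td><input class="text-box" type="password" name="password" /></td>
		<td><input type="submit" value="Login" name="login" /></td>
		<td style="color:#FF0000; font-style:italic;"><?php echo(htmlspecialchars($loginMessage, ENT_QUOTES, 'UTF-8'));?></td>
	</tr>
	</form>
	</table>
	</td>
	</tr>
	<?php
	}
}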

?>